IT Security News Blast 8-15-2017

Study: Most Companies Have No Idea How Much a Cyber Attack Could Cost Them

While the math isn’t exact and numbers vary across the board, the consensus is pretty clear: it costs a lot more than these people think. According to one study from Hewlett Packard Enterprise, the average annual loss per US company that experiences a cyber attack was $15.4 million in 2016. Another study from IBM estimated the cost at around $3.62 million in 2017. While this data is far from consistent, one thing is clear: it costs a whole lot more than $500,000.

“Hospitals not only have thousands of computers, phones and laptops: they also have thousands of medical devices connected to the network,” John D. Halamka, M.D. and Chief Information Officer of the Beth Israel Deaconess System, wrote in an article for the PBS NEWSHOUR web site. “IV pumps, X-ray machines, and heart monitors sound like appliances, but in reality they are computers with network connections. Many of these medical devices have little to no security protections because manufacturers never assumed they would be attacked.”

The assaults on healthcare organizations aren’t likely to abate any time soon. “After two years of a steadily increasing cyber threat landscape that resulted in record numbers of patient records compromised, health organizations extorted financially, and hospital operations disrupted very publicly, 2017 is likely to be just as interesting,” predicts a Health IT Security perspective. “Hackers will continue to go after networks, systems, and applications that have been misconfigured or are not maintained properly.”

Make the training stick: How to engage users in cybersecurity practices

If healthcare organizations make security training fun, the argument goes, sometimes things will stick a little easier. Devine said that examples such as illustrating how hackers can crack into a car wash and manipulate the robotic arms to damage automobiles or lock customers inside tend to pique trainee interest. “Maybe it’s a bit of a scare tactic,” he said. “But we are in a cyber-war out there, it’s in the news all the time.”

The implications of any cyberattack against global shipping are also increasingly extending far beyond the ship itself. Consider a cyber attack on an oil tanker, for example, which causes it to run aground and spill its contents. That alone would be a disaster. Now consider what would happen if that same attack occurred in the narrowest point of the Straits of Malacca, the approximately 1.7 mile-wide stretch through which over 15 million barrels of oil are otherwise transited per day, not to mention an estimated 25 percent of all global shipping. That would be a global catastrophe.

However, the recovery time for companies hit by large-scale cyber attacks can actually be months or years, and the study also exposed holes in organisations’ response planning. For example, 63 per cent of firms recognise reputational damage as a risk of a data breach, but only 26 per cent include their PR and communications chiefs in their incident response plans. Meanwhile, while 72 per cent of firms know they can lose revenue and 69 per cent recognise that they can lose data, only 52 per cent of firms consider lost customers as a potential cost of a breach.

“Every country should have a cyber war”: What Estonia learned from Russian hacking

The attacks made Estonia more determined than ever to develop its digital economy and make it safe from future attacks. “I think every country should have a cyber war,” says Taavi Kotka, the government’s former chief information officer. “Citizens get knowledge about what an attack means, about how phishing works, how DDoS works, and they start to understand and live with that. People aren’t afraid if they know they can survive something. It’s the same thing as electricity going off: Okay, it’s an inconvenience, but you know how to deal with it.”

To infect victims, the attackers are using Microsoft Office document files – most likely hosted on compromised servers and distributed via phishing emails – that are weaponized with the same malicious VBA macros that were found in the previous campaign targeting Korean speakers. But this time, the decoy documents are written in English. One such document describes a purported job opening for a mechanical engineering integration manager for the THAAD interceptor, an anti-ballistic missile defense system, while another shows a job listing for a director of sales and business development at Sikorsky’s Mission Equipment.

Striking Power: How Cyber, Robots, and Space Weapons Change the Rules for War [Book Review]

Threats to international peace and security include the proliferation of weapons of mass destruction (WMD), rogue nations, and international terrorism. The United States must respond to these challenges to its national security and to world stability by embracing new military technologies such as drones, autonomous robots, and cyber weapons. These weapons can provide more precise, less destructive means to coerce opponents to stop WMD proliferation, clamp down on terrorism, or end humanitarian disasters.

Criminals are interested in extortion, holding manufacturing plants hostage, or stealing intellectual property for financial or competitive gains. Nation-state attackers, meanwhile, have other goals in mind, according to the TrapX report. “Nation states will deeply learn the site and improve their network persistence for the ‘command day’ to harm the system,” Ben-Simon said. “The main goal is to understand the ICS role inside the manufacturing and critical infrastructure site, and take control using backdoor access to avoid exposure. Once they get control on the ICS system or device, they have all the options in hand from changing operations to shutting down the entire system.”

The web hosting company GoDaddy, which has been criticized for months for hosting the Daily Stormer, announced late Sunday that “they have 24 hours to move the domain to another provider, as they have violated our terms of service.” Sure enough, the Daily Stormer’s front page was shortly replaced with a drawing of a dead whale and an error message: “We’re having an outage.”

The site was back online Monday afternoon, with a triumphant post blaming hackers for “a brief disruption.” Hackers or not, the Stormer also had a new Web host — Google, which promptly announced that it, too, would be kicking the neo-Nazis out. “We are cancelling Daily Stormer’s registration with Google Domains for violating our terms of service[.]”

Department of Justice Uses Search Warrant To Get Data On Visitors to Anti-Trump Site

The Department of Justice initially used subpoenas to DreamHost to seek subscriber information about who ran the site. That’s fairly straightforward. But then they doubled down. They obtained a search warrant for an extremely broad array of data related to the site, including all stored records of access to the site or communications with the site. As written, it seems to demand data including the IP addresses of everyone who ever accessed the site and the content of every site visitor’s question or comment submitted through the site’s comment form, as well as all emails sent to or through the web site.

British Cybersecurity Expert Pleads Not Guilty To Federal Malware Charges

After today’s hearing, Hutchins’ lawyer Marcia Hofmann described him as a “brilliant young man and a hero,” and said that “when the evidence comes to light, we are confident he will be fully vindicated.” The FBI took Hutchins into custody earlier this month in Las Vegas, where he had been attending a cybersecurity conference. In July, a federal grand jury indicted him and an unnamed co-defendant on six counts dating from July 2014 to July 2015.

The State Department officially launched the new office, called the Cyber and Technology Security (CTS) directorate, on May 28, a department official confirmed. The establishment of the directorate was first reported by Federal News Radio last week. The directorate “facilitates the conduct of global diplomacy by protecting life, property, and information with advanced cybersecurity programs and risk-managed technology innovation,” the State official told The Hill. “CTS provides advanced cyber threat analysis, incident detection and response, cyber investigative support, and emerging technology solutions,” the official said.

There is a growing theory that the email hack of the DNC during the 2016 presidential election wasn’t a hack at all, but an internal leak. But now cybersecurity experts are saying that assumption is unlikely to be true. John Hultquist, Director of Intelligence Analysis at FireEye, a firm that provides forensic analysis and other cybersecurity services, told The Hill, “The theory is flawed.” The theory in question is related to download speeds and was popularized after one blogger, Forensicator, concluded that due to the speed at which documents were downloaded, it could not have happened over the internet.

It also delved into who has been attacking whom: “When it comes to the more specific question of which countries are attacking which, the greatest number of attacks came from Russia targeting the US, followed by Russia targeting the Netherlands, the Netherlands targeting the US, and Belgium targeting the US,” the report found. The analysis uncovered spikes in traffic to SMB port 445 (resulting from NotPetya and WannaCry) and to UPnP port 1900 (resulting from attacker interest in vulnerable IoT devices). Attack payloads were made up of 66% executable files and 33% fileless scripts and commands—and the report underscores that attackers are constantly evolving to find new attack surfaces.
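A defender-side way to check your own flow records for the kind of per-port spikes the report describes (SMB 445, UPnP 1900). This is an added example, not the report's analysis; the flow records, the hour-bucket rule and the threshold values are constructed for illustration.

```python
from collections import defaultdict
from statistics import median

# Ports the report singled out: SMB 445 (NotPetya/WannaCry) and UPnP 1900 (IoT).
WATCHED_PORTS = {445: "SMB", 1900: "UPnP"}
SPIKE_FACTOR = 3    # a bucket must exceed 3x the median of its peer buckets...
MIN_COUNT = 5       # ...and clear an absolute floor, so two flows never trip it

# Constructed sample flow records, not from the report: "<ISO time> <src> <dst> <dport>"
SAMPLE_FLOWS = """\
2017-06-27T10:00:03 10.0.0.5 10.0.1.20 445
2017-06-27T10:00:09 10.0.0.7 10.0.1.21 445
2017-06-27T11:00:11 10.0.0.5 10.0.1.22 445
2017-06-27T11:00:40 10.0.0.9 10.0.1.23 1900
2017-06-27T12:00:02 10.0.0.5 10.0.1.24 445
2017-06-27T12:00:05 10.0.0.8 10.0.1.25 1900
2017-06-27T13:00:01 10.0.0.5 10.0.1.27 445
2017-06-27T13:00:02 10.0.0.5 10.0.1.28 445
2017-06-27T13:00:02 10.0.0.5 10.0.1.29 445
2017-06-27T13:00:03 10.0.0.5 10.0.1.30 445
2017-06-27T13:00:03 10.0.0.5 10.0.1.31 445
2017-06-27T13:00:04 10.0.0.5 10.0.1.32 445
"""

def count_by_hour(flows):
    """Return {port: {hour_bucket: flow_count}} for the watched ports only."""
    counts = defaultdict(lambda: defaultdict(int))
    for line in flows.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed records instead of crashing on them
        ts, _src, _dst, dport = fields
        port = int(dport)
        if port in WATCHED_PORTS:
            counts[port][ts[:13]] += 1  # "YYYY-MM-DDTHH" is the hour bucket
    return counts

def find_spikes(flows):
    """Return [(hour, port, count)] for buckets standing well above their peers."""
    spikes = []
    for port, buckets in count_by_hour(flows).items():
        for hour, n in sorted(buckets.items()):
            others = [v for h, v in buckets.items() if h != hour]
            baseline = median(others) if others else 0
            if n >= MIN_COUNT and n > SPIKE_FACTOR * baseline:
                spikes.append((hour, port, n))
    return spikes
```

On the constructed sample, only the 13:00 hour on port 445 is flagged; the two UPnP flows stay below the floor.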

All the pieces are there for someone to build a wormable exploit, but can it be done in a similar timeframe to WannaCry, and without an available NSA exploit, for example? The bug in Microsoft’s desktop search utility (CVE-2017-8620) allows an attacker to elevate privileges and remotely run arbitrary code. It affects all supported versions of Windows and Windows Server, and it can leverage SMB to remotely trigger the vulnerability. SMB is the same attack vector used in the WannaCry and NotPetya attacks, giving an already hyper-sensitive user base more anxiety.

It all started in July 2017, when hackers claimed to have stolen 1.5TB of data from the network and threatened to leak it online. After a few days, the hackers started leaking sensitive documents belonging to the company, including an unreleased episode of Game of Thrones. […] However, after the latest leak, the media giant said that “The hacker may continue to drop bits and pieces of stolen information in an attempt to generate media attention. That’s a game we’re not going to participate in.” It is unclear what’s next from the hackers, but based on their previous leaks it’s easy to conclude that HBO is in big trouble.

The incident is the latest reminder that the so-called Internet of Things—in which locks, thermostats, and other everyday appliances are embedded with small Internet-connected computers—often provides as many annoyances as it does conveniences. Over the past week, the Colorado-based company’s Twitter feed has been gorged with comments from customers who were suddenly unable to lock or unlock their doors normally. Complicating the matter: the affected LockState model—the RemoteLock 6i—is included in an Airbnb partnership called Host Assist. That left many hosts unable to remotely control their locks.


About Critical Informatics

We are world-class information security professionals providing Managed Detection and Response services to help you be secure, compliant, and resilient against threats to the life safety, life-sustaining, and quality-of-life systems and services you provide to clients, customers, constituents, and communities.